For many of this yr, Microsoft has been warning customers that they’ll now not be capable to use its Authenticator cellular software for consumer ID and password administration. As reported by CNET on July 29, 2025, “In June, the corporate stopped letting customers add passwords to Authenticator…. And beginning Aug. 1, you may now not be capable to use saved passwords.”
To me, the dire warnings of this pending doomsday-like deadline are harking back to the run-up to January 1, 2000 — the so-called “Y2K drawback” — when it was anticipated that computer systems in all places would expertise a meltdown as a result of their programmers by no means thought of the likelihood that their software program would nonetheless be in use within the twenty first century.
The nice passkey migration
However most of this reporting overlooks the larger shift that is underway throughout Microsoft’s id administration portfolio and, in lots of circumstances, is lacking key particulars concerning the future roles of Microsoft Authenticator and the Microsoft Edge browser in relation to one other colossal shift that is at the moment in progress: the world’s transition from passwords to passkey.
A passkey is unequivocally a safer credential than a password in relation to logging into web sites and apps. Passkeys can’t be guessed, the identical passkey can’t be reused throughout completely different web sites and apps, and also you can’t be tricked into divulging your passkeys to malicious actors by methods similar to phishing, smishing, squishing, and malvertising. Even when you’re strengthening consumer IDs and passwords with extra components of authentication, passkeys are a greater and safer various.
In actual fact, of the foremost expertise distributors which are encouraging end-users to modify to passkeys, no vendor is pushing customers to transition as exhausting as Microsoft is. However, on the similar time that Microsoft is aggressively campaigning for that transition, we’re nonetheless ready for Microsoft to supply the excellent credential administration capabilities which are essential to assist that future.
Managing passwords after Authenticator
For customers who managed their consumer IDs and passwords with Authenticator and need to stick with Microsoft-based options to handle their consumer IDs and passwords, their solely possibility is to export their passwords from Microsoft Authenticator to Microsoft’s Edge internet browser. As soon as customers do that, Edge is not going to solely take over the position of managing these consumer IDs and passwords, it’ll additionally deal with the auto-provisioning of these credentials (a.okay.a. autofill) on the time of login and the synchronization of these credentials to the consumer’s different copies of Edge.
Along with Home windows, Edge is on the market on MacOS, iOS, Android, and Linux. Given Edge’s cross-platform attain when in comparison with that of Microsoft Authenticator (iOS and Android), it makes extra sense for Edge to deal with credential administration and autofill.
This strategy, the place Microsoft is facilitating credential administration by the browser as a substitute of a cellular software intently resembles the way in which Google is dealing with credential administration and autofill by its Chrome browser. Each browsers are primarily based on Chromium and provide customers some primary password administration capabilities, and each depend on a central cloud to deal with credential synchronization to the identical browser on different gadgets.
The issue with non-syncable passkeys
However, on the time this text was printed, whereas Chrome’s password administration capabilities will auto-provision and synchronize credentials of each sorts (passwords and passkeys) to a consumer’s different installations of Chrome, Edge can solely synchronize passwords. In response to a Microsoft spokesperson who was interviewed for this story, “passkeys created for providers like PayPal and eBay are saved as device-bound credentials in Home windows and could be accessed through Home windows Settings > Accounts > Passkeys. These should not saved or synced in Edge.”
In different phrases, Edge for Home windows is able to dealing with and auto-provisioning passkeys throughout a login, however not the opposite variations of Edge. I confirmed this by attempting to make use of Edge for Android to register a passkey for eBay. Lots occurs behind the scenes once you register a passkey for the primary time, and I clarify the method in How Passkeys Work: Let’s Begin the Registration Course of.
Whereas an eBay passkey registration possibility exists when utilizing Edge for Home windows, no such possibility was accessible to me on Edge for Android. Along with that limitation, the eBay passkey that I used to be in a position to set up on Edge for Home windows couldn’t be synchronized to my copy of Edge for Android. This confirmed the spokesperson’s assertion about passkeys being “saved as device-bound credentials in Home windows.” System-bound passkeys are additionally known as “non-syncable passkeys.” They’re tied to the system that was used to create them and can’t be synchronized to a different system. Because it seems, the passkey that I established by Edge working on my copy of Home windows 11 was sure through Home windows Whats up to the Trusted Platform Module (TPM) in my HP Pocket book.
This raises the query of the place, throughout Microsoft’s portfolio, customers would possibly be capable to discover assist for syncable passkeys since they’re by far essentially the most handy type of passkey to make use of for the web sites and apps that assist them. In spite of everything, the corporate is already supporting syncable consumer IDs and passwords by Edge. The very last thing most customers need to do is handle a number of device-bound passkeys for every web site and app they use. Higher to only have one, identical to a password.
Your passkey administration choices now
That is the place the confusion units in. Throughout many of the articles that reported on the elimination of consumer ID and password assist in Microsoft Authenticator, the authors additionally famous that Authenticator would proceed to assist passkeys and that the consumer might proceed to depend on Authenticator to authenticate (login) with these passkeys (see my rationalization of what actually occurs throughout your ‘passwordless’ passkey login). It isn’t stunning that many of the articles stated this. In spite of everything, Microsoft’s personal publish concerning the modifications to Authenticator very clearly states, “Authenticator will proceed to assist passkeys. When you have arrange Passkeys to your Microsoft Account, be certain that Authenticator stays enabled as your Passkey Supplier. Disabling Authenticator will disable your passkeys.”
This definitely piqued my curiosity. On the floor, it was unusually beginning to appear to be Microsoft was shifting all consumer ID and password administration to Edge whereas on the similar time fracturing passkey administration throughout Microsoft Authenticator and Edge for Home windows as a substitute of shifting full assist for each syncable passwords and syncable passkeys to Edge (which is strictly how Chrome does it). So I went again to Microsoft to make it possible for I understood issues appropriately. I apparently did not.
“Authenticator will at all times proceed to assist device-bound passkeys for Entra accounts,” a Microsoft spokesperson advised me. “You will at all times be capable to create a kind of at this time and sooner or later.” There’s rather a lot to unpack there. Not solely are Authenticator-managed passkeys additionally device-bound passkeys (in different phrases, they can’t be synchronized), the passkey assist present in Authenticator is for customers of Microsoft Entra ID, Microsoft’s cloud-based id administration answer (previously often called Azure Energetic Listing) for companies. In different phrases, the passkey assist present in Microsoft Authenticator is just not for these of us within the basic consumer inhabitants who simply need to handle their credentials. And it nonetheless lacks any synchronization capabilities.
In a nutshell, for these of us within the basic consumer inhabitants who need to handle and use passkeys along with consumer IDs and passwords, Microsoft provides one possibility: Edge on Home windows. Moreover, neither Edge for Home windows nor Microsoft Authenticator (for Entra ID customers) provides passkey synchronization. The one sort of passkeys that Microsoft at the moment helps are device-bound (non-syncable) passkeys. That is clearly not very best, and realizing a number of the of us at Microsoft, I am certain they’d agree (particularly given how exhausting the corporate is promoting the concept of passkeys proper now).
My conclusion as I attempt to take a 30,000-foot view of this example is that in relation to all the completely different Microsoft applied sciences that play a task in credential administration — Home windows, Home windows Whats up, Authenticator, Edge, Microsoft Pockets, Entra ID, passkeys, and so on. — the corporate has loads of completely different items on the chessboard. Transferring all of them into the perfect place to assist the safe credential administration future it’s promoting is simpler stated than carried out.
In the identical manner {that a} chess participant (and opponent) at all times assume and anticipate a number of strikes forward, it is exhausting to not see that sooner or later, in the end (most likely sooner), Microsoft will assist syncable passkeys throughout all its variations of Edge identical to it does now with consumer IDs and passwords (and identical to Chrome does). That’s the solely logical final result given its strongly worded messages emigrate passwords from Authenticator to Edge.
However till that last chess transfer occurs, customers have choices within the different credential administration firms, together with Google and all of the third-party password managers (1Password, BitWarden, Dashlane, LastPass, NordPass, and so on.) that assist syncable passkeys and passwords in a single answer.
Keep forward of safety information with Tech Immediately, delivered to your inbox each morning.
